package com.dtguai.app.common.xss;


import com.dtguai.app.common.exception.DefinedException;
import org.apache.commons.lang.StringUtils;

/**
  * @author guoLiang
  * @date 2019年6月21日17:27:29
  * @类描述 SQL过滤
  */
public class SqlFilter {

   /**
    * SQL注入过滤
    * @param str  待验证的字符串
    */
   public static String sqlInject(String str){
       if(StringUtils.isBlank(str)){
           return null;
       }
       //去掉'|"|;|\字符
       str = StringUtils.replace(str, "'", "");
       str = StringUtils.replace(str, "\"", "");
       str = StringUtils.replace(str, ";", "");
       str = StringUtils.replace(str, "\\", "");

       //转换成小写
       str = str.toLowerCase();

       //非法字符
       String[] keywords = {"master", "truncate", "insert", "select", "delete", "update", "declare", "alert", "drop"};

       //判断是否包含非法字符
       for(String keyword : keywords){
           if(str.contains(keyword)){
               throw new DefinedException("包含非法字符");
           }
       }

       return str;
   }
}
